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CLAIMS 

1. A method of allocating processing capacity of system processing units in an extranet 
gateway, the method comprising the steps of: 

establishing a first initial expected available bandwidth of a first of the system processing 

units; 

establishing a second initial expected available bandwidth of a second of the system 
processing units; and 

assigning a Virtual Private Network (VPN) tunnel to one of the first and second system 
processing units for processing by assessing current available bandwidths of the first and second 
system processing units, the current available bandwidths being determined by assessing the 
initial expected available bandwidth for that system processing unit as decremented by other 
processing requirements for that system processing unit. 

2. The method of claim 1, wherein one of the other processing requirements comprises 
overhead processing requirements. 

3. The* method of claim 1, wherein one of the other processing requirements comprises 
processing requirements associated with other VPN tunnel assignments. 

4. The method of claim 1, wherein one of the other processing requirements comprises 
processing requirements associated with another SPU handling a VPN tunnel assignment. 

5. The method of claim 4, wherein the processing requirements associated with other 
VPN tunnel assignments comprise encapsulation and de-encapsulation processing requirements 
for the other VPN tunnels. 

6. The method of claim 5, wherein the processing requirements associated with other 
VPN tunnel assignments comprise at least one of encryption and de-encryption processing 
requirements for the other VPN tunnels. 
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7. The method of claim 1, wherein the first initial expected available bandwidth is 
established by multiplying a first processor speed associated with the first system processing unit 
with a first conversion factor, and wherein the second initial expected available bandwidth is 
established by multiplying a second processor speed associated with the second system 
processing unit with a second conversion factor. 

8. The method of claim 7, wherein the first conversion factor is the same as the second 
conversion factor. 

9. The method of claim 8, wherein the first conversion factor is defined as the amount of 
bandwidth passable by a given processor per unit CPU speed. 

^ 10. The method of claim 7, wherein the step of assigning the VPN tunnel to one of the 
first and second system processing units comprises assigning the VPN tunnel to the system 
processing unit having the highest current available bandwidth. 

11. The method of claim 10, wherein the highest current available bandwidth is based on 
an absolute bandwidth capacity basis. 

12. The method of claim 10, wherein the highest current available bandwidth is based on 
a relative bandwidth capacity basis. 

13. The method of claim 10, fixrther comprising the step of reducing the current available 
bandwidth for the one of the first and second system processing units to which the VPN tunnel 
was assigned. 

14. A network element, comprising: 

a first system processing unit (first SPU); 

a second system processing unit (second SPU); and 

control logic configured to: 

estabUsh a first initial expected available bandwidth for the first SPU; 
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establish a second initial expected available bandwidth for the second SPU; and 
assign a Virtual Private Network (VPN) tunnel to one of the first and second 
SPUs for processing by assessing current available bandwidths of the first and second 
SPUs, the current available bandwidths being determined by assessing the initial 
expected available bandwidth for that SPU as decremented by other processing 
requirements for that SPU. 

15. The network element of claim 14, wherein the other processing requirements 
comprise: 

overhead processing requirements; 

processing requirements associated with other VPN tunnels assigned to that SPU; and 
processing requirements associated with other VPN tunnels assigned to other SPUs. 

16. The network element of claim 15, wherein the processing requirements associated 
with other VPN tunnels assigned to that SPU comprise encryption and de-encryption processing 
requirements for the other VPN tunnels. 

17. The network element of claim 15, wherein the first initial expected available 
bandwidth is established by multiplying a first processor speed associated with the first SPU with 
a first conversion factor, and wherein the second initial expected available bandwidth is 
established by multiplying a second processor speed associated with the second SPU with a 
second conversion factor. 

18. The network element of claim 17, wherein the first conversion factor is the same as 
the second conversion factor, and wherein the first conversion factor is defined as the amount of 
bandwidth passable by a given processor per unit CPU speed. 

19. The network element of claim 17, wherein the control logic is configured to assign 
the VPN tunnel to one of the first and second SPUs by assigning the VPN tunnel to the SPU 
having the highest current available bandwidth. 
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20. The network element of claim 20, wherein the highest current available bandwidth is 
based on at least one of an absolute bandwidth capacity basis and a relative bandwidth capacity 
basis. 
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